· The purpose of the study is to find out whether the software implementation of UMTS radio access network encryption is feasible · Feasibility is evaluated primarily from the performance and capacity point of view

· Cornerstone is the 128-bit secret key K · K is a shared secret between USIM smart card in user's terminal and Authentication Center in user's home network · The keys used in encryption and integrity protection are derived from this key · Data is transferred encrypted between a terminal and a radio network controller (RNC) · In GSM the encryption was terminated already in base station (BS) leaving the potentially vulnerable links between BS and Base Station Controller (BSC) unencrypted · Encryption and integrity protection are symmetric operations, thus exactly the same algorithm is executed both in terminal and in RNC

· f8 is a stream cipher being able to encrypt/decrypt blocks of data between 1 and 20000 bits in length · Algorithm takes five input parameters and generates randomlooking mask that is applied to the plaintext · Internally f8 uses KASUMI block cipher

· f9 algorithm is used to implement the integrity protection between a terminal and a network ·Sending party uses f9 to generate message authentication code (MAC-I) ·Receiving party uses f9 as well to verify the identity if the sender · Algorithm takes five input parameters and produces the integrity code that is appended to the end of signaling message

· A ciphering software module was implemented for the tests · Based on the reference implementation in 3GPP TS 35.202 · Provides full f8 and KASUMI algorithm functionalities · Coded in C, not manually optimized · An existing hardware-based ciphering implementation serves as a reference · Ciphering mask generation (i.e. the f8 algorithm) is done in a separate ASIC circuit · A test process was also implemented · Test process uses both the software ciphering and the hardware ciphering and measures the performance · Performance is measured in terms of execution time · Average, minimum and maximum execution times are measured

· Several different kinds of tests were conducted · Variable number and size of data blocks to be ciphered · Most relevant ones map into the data rates and sizes used in real world, i.e. in UMTS 1. Speech traffic simulation test · Data block size is selected to be similar to those used in AMR speech call 2. Non real-time (NRT) data traffic simulation test · Data block sizes are selected to be similar to those in NRT data calls with different data rates

· Measurement results show that software ciphering is significantly faster · With three data blocks (same in speech call) the software ciphering consumes about half of the time used by ASIC · Difference behaves linearly being about 50 % throughout the tested range

· Measurement results show that the performance is almost the same with both alternatives · With only a few blocks of more than 50 blocks the software is faster, otherwise the ASIC is marginally faster · No significant differences

· According to the results the software ciphering has at least as good performance than the ASIC ciphering ·Especially when the number of data frames is small or the data frame size is small · ASIC solution performance suffers from relatively large overhead in inter-process communication and operating system context switches ·The ASIC solution involves a lot of signaling between the application process and the ASIC driver process ·The software ciphering does not have any of this overhead because all the processing is done inside the application process Pros and cons ASIC pros: · Already existing solution, tested and integrated ASIC cons: · Lower performance due to the interface overhead SW pros: · No need for HW design · Better performance · Flexible, new functionality can be added later if needed ·New algorithms etc. · Rather straightforward to test SW cons: · Consumes some of the DSP processing power (max ~8 %)

· Software ciphering improves performance, especially for speech traffic ciphering · It also simplifies the architecture · No need for HW-SW interface · Faster design cycle · Implementation is found to be straightforward and require a reasonable amount of time Thus, the software ciphering is estimated to be a very feasible choice for the purpose.